I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

one, statistics show how prevalent it is, and analysts weigh in on what organizations and vendors should do for best protection against ransomware. Part two will provide case studies of organizations that successfully recovered from ransomware attacks.

In many ways, 2016 was the year of ransomware.

The FBI estimated last year that ransomware payments in the United States were on pace to hit $1 billion in 2016. The U.S. government also estimated that ransomware attacks averaged more than 4,000 per day in 2016, up from the approximately 1,000 attacks per day in 2015.

Ransomware and protection: The basics

Ransomware -- malware that encrypts the victim's data and demands payment for the decryption key -- often gets into a system through an infected email attachment or website. Although ransomware has picked up in just the last couple of years, the concept dates to 1989, when PC-locking malcode was mailed to victims on floppy disks, according to a December IBM report. Ransomware has gained momentum in recent years with improved encryption and increased use of cryptocurrency like bitcoin, the report said.

For optimum protection against ransomware, organizations should assume they're going to get hit.
Robert Rhameresearch director, Gartner

For optimum protection against ransomware, organizations should assume they're going to get hit, said Robert Rhame, a research director at Gartner who focuses on backup and recovery.

"Backup and recovery remains the top protection," Rhame said. Specifically, journaling, reporting and more frequent recovery points during the day are helpful.

Jason Buffington, a principal analyst at Enterprise Strategy Group Inc., in Milford, Mass., focusing on data protection, said there are three keys to protection against ransomware that organizations should make a priority: What can you do to increase the frequency of protection? How can you increase the length of retention? And how can your backup and recovery platform integrate with a malware detection tool?

Ransomware by the numbers

According to a survey published in September by data protection vendor Datto, 95% of managed service providers said ransomware attacks are occurring with greater frequency. Ninety-one percent said their clients have been victims of ransomware. Eighty-eight percent of MSPs said they are "highly concerned" about ransomware, but only 34% of MSPs said their customers feel the same way.

According to the IBM report, only 31% of consumers surveyed have actually heard of ransomware.

Payment demands are often in the hundreds of dollars. The IBM report puts the average at $500, but it also said businesses are seeing larger attacks on servers and networks, along with money demands ranging from thousands all the way up to millions, in some cases.

If hit, the government recommends contacting law enforcement immediately, such as a local field office of the FBI or U.S. Secret Service.

For proper protection against ransomware, the FBI urges organizations to back up data regularly, verify the integrity of those backups and secure the backups. Organizations should also "ensure antivirus and antimalware solutions are set to automatically update and conduct regular scans."

As ransomware evolves, so does the fight against it

Customers should be looking at data protection vendors that offer integration with a malware detector, Buffington said. It's up to the backup vendors to form partnerships that will provide these built-in capabilities.

Just saying the product can help an organization recover from ransomware "is no different from saying you can recover from a forest fire or a server failure," Buffington said.

A ransomware infection can start a while before it shows itself to a customer. When ransomware slowly infects files over time, victims may actually back up the virus along with their data. Organizations should make sure to have smart backups and retention polices.

But Rhame said he thinks intentionally delaying is counterintuitive to what the criminals are after.

"It might be stealthy for a little bit, but ransomware actors seem pretty content with a fast turnaround," and figuring out quickly if the attack will make money, Rhame said. And if there is a delay in the notification to an organization, there's a good chance an antivirus program will pick up on it.

In 2017, Rhame said he thinks storage providers will be increasingly thrust into the limelight and a lot more vendors are going to provide reporting, which would aid protection against ransomware.

"I'm encouraging them to," Rhame said.

Buffington said one area to watch in 2017 is vendors integrating malware detection technology into the backup process. Many major backup vendors are looking at their role in ransomware mitigation, he said, but it's also on the customer to use the tools already provided.

Join the conversation

1 comment

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.